Everything you need to know to prepare against the threats heading our way in 2019 has been trimmed down into 12 intensive modules which are taught over a six-week period by Paula and by special guest instructor world-renowned Windows OS expert Sami Laiho.

This coursehappens ONLY once a year, is never the sameand islimited to 200 students who have to apply to take part.

–

How is this training different from others?

Only once a year

You’ll only learn things that will be crucial and most relevant in the following year. We run the training only once a year, never with the same content.

Only advanced stuff

You’ll skip the fluff and go straight to the advanced stuff. The pace is quite intense, so expect a smoke coming out of your ears.

Only NEW tools and techniques

The training is pretty hands-on, because it has been designed by passionate practitioners and obsessive researchers from CQURE Team.

Only cool presenters!

We’ll bring a bunch of experts on board, but it’s Paula Januszkiewicz along with Sami Laiho who will be your main teachers and the hosts of the program.

We organise this course only once a year, in its last quarter. Every next edition is updated with new tools and challenges.

Interactive classroom

After every class you’ll be able to ask questions.

Extra materials

We’ve prepared for you slides, extra materials and homework for each session.

12-month Access

You’ll get a full year of online access to all the recordings (counted from the first class).

The Training Lab

During the course you’ll have access to a special training platform where you can safely test your hacks.

Social & Network

You’ll become a member of a closed Facebook group, where you can not only share your challenges and geeky jokes… but also network.

CQURE Certificate - "Windows Security Master 2019"

You’ll receive an official CQURE certificate “Windows Security Master 2019″ after passing the final exam. Yes, there will be a final exam.

Course Syllabus

Module 1

Infrastructure Pentesting – Hackers Perspective or Notes From the Field

~ November 29, 2018 (7PM CET / 10AM PST / 1PM EST) ~

In this module, we will show you how the real attacks on IT infrastructure are performed nowadays. We will explain which tools and methods are used by the attackers and how social engineering is used to make employees perform activities that are dangerous to the company’s IT infrastructure. The training is based on real-world scenarios.

Information gathering / OSINT

Penetration testing tools and methodology

Social engineering tools, methods and its effectiveness

Module 2

Windows Authentication Internals – Level Hard

~ December 4, 2018 (7PM CET / 10AM PST / 1PM EST) ~

Windows authentication is complex solution allowing us to use multiple methods and protocols to prove who we are. You probably know Kerberos or NTLM but have you ever wondered how those and other protocols really work? What makes it strong and what are the weaknesses? Join us in an adventure to see internals of Windows authentication mechanism to fully understand what everyone is taking for granted. This module will be really hard so brace yourself!

NTLM protocol

Kerberos protocol

SSPI

Local Security Authority

Credentials Processes in Windows Authentication

Credential Providers

Module 3

Advanced Attacks Against Active Directory

~ December 6, 2018 (7PM CET / 10AM PST / 1PM EST) ~

Active Directory (AD) is used by most of businesses around the world for identity management therefore it is a main target for attackers and when successfully exploited gives keys to the kingdom. An attacker with access to AD may reconfigure GPO, create hidden backdoors or access sensitive systems. Common attacks include: Pass the Hash or Pass the Ticket but how about others more sophisticated ways of compromising AD. In this module we will show advanced attacks against Active Directory and how to detect and mitigate those threats.

Privilege abuse and misconfigurations in AD

Advanced attacks against PAM and Identity solutions

Kerberoasting

Golden and silver ticket attacks

Module 4

Windows 10 Secure Kernel model

~ December 11, 2018 (7PM CET / 10AM PST / 1PM EST) ~

Learn how Virtual Secure Mode, Isolated User Mode and Secure Kernel work in Windows 10 and how they protect against threats like Pass-The-Hash.

Module 5

Malicious Software Execution Prevention – Ransomware on the rise

~ December 13, 2018 (7PM CET / 10AM PST / 1PM EST) ~

Ransomware attacks are constantly on the rise adapting and bypassing modern antivirus solutions. In this module we will analyze how modern ransomware operates. Then we will explore Windows internal technologies that you can use to protect your organization against this attack: AppLocker, Device Guard, Windows Defender Exploit Guard. Buckle up this is demo intense and hardcore session to show you how to stop malware in your organization.

AppLocker

Device Guard

Code Integrity Signed Policy

Secure boot

Virtualization-based security

Module 6

BlackBelt – Becoming a Process Explorer and Process Monitor Ninja!

~ December 18, 2018 (7PM CET / 10AM PST / 1PM EST) ~

Process Explorer – Everyone who interacts with the Windows operating system needs to know the most downloaded tool of the Sysinternals toolkit called Process Explorer. It is a tool that can help you analyze and troubleshoot almost any error or bad behavior in the operating system.

Learning to use this tool will help you to catch bad behaving applications and drivers, not to forget catching hiding malware that the anti-malware doesn’t find. You do understand that Task Manager can never know what’s wrong with Windows? It is conceptually impossible – Not a joke! Process Monitor – There is an age old saying in Windows: “If something breaks in Windows, run Process Monitor”.

This is absolutely true, and Process Monitor is one of the best tools to use in troubleshooting. In this course, Troubleshooting Processes and Registry with Sysinternals Process Monitor, you’ll learn how to utilize Process Monitor for troubleshooting. First, you’ll explore how to find settings in the Registry and learn how to resolve bottlenecks in performance. Next, you’ll cover how to fix broken applications.

Finally, you’ll learn how to analyze slow boot sequences. By the end this course, you’ll know how to effectively use one of the most important troubleshooting tools available.

Module 7

Web Penetration Testing – Lessons from the Field

~ January 8, 2019 (7PM CET / 10AM PST / 1PM EST) ~

We will go over some of the most interesting web attacks and present how multiple misconfigurations can result in full website compromise. We will be talking about:

Modern security headers

Cross Site Scripting

Server Side Request Forgery

XML External Entity

Server and client side security

Module 8

Office 365 Advanced Security for GDPR

~ January 10, 2019 (7PM CET / 10AM PST / 1PM EST) ~

GDPR is a new regulation in EU law on data protection and privacy that affects organizations all over the word. Huge fines for non-compliance or violation pushes companies to adopt to new standards. Join us and explore advanced security features which Office 365 offers. Understand how you can get even more out of your existing subscription in this demo intense module. Everything with an importance of GDPR in the background. In this module we will focus on:

Office 365 advanced security

Office 365 data protection

GDPR requirements overview

Office 365 features for GDPR

Module 9

ESAE: Hardening Privilege Access Workstations

~ January 15, 2019 (7PM CET / 10AM PST / 1PM EST) ~

Isolation of administrative systems is a fundamental principle of Enhanced Security Administrative Environment (ESAE) architecture. The first and core step to create this separation comes through implementation of Privileged Access Workstations (PAWs). There are many myths about this non trivial concept. Join and learn how to properly separate contexts and prevent user-targeted attacks, how to secure privileged accounts and mitigate privilege identity theft with hardened PAW configuration.

With “ESAE: Red Forest” Microsoft has responded to the repeated success of attackers pursuing horizontal kill chains via pass-the-hash and related attacks. Work with us to understand how to securely implement this difficult reference architecture and other best practices that seek to isolate privileged credentials. Even single mistake during implementation phase may ruin the whole effort making your enterprise vulnerable. In this module we will show how to build most secure environment and what are common pitfalls you need watch out for.

Enhanced Security Administrative Environment

Red Forest / Bastion Forest

Privileged access management

MIM

Advanced Active Directory configuration

Module 11

Advanced Monitoring and Auditing of Windows 2019 Infrastructure

~ January 22, 2019 (7PM CET / 10AM PST / 1PM EST) ~

It is a well-known fact that the proper reaction for incidents is the key to keeping your environment secure. But wait – how can you properly react if you do not properly monitor events within your infrastructure? It is high time to design it in the right way. Starting from your workstations, through mobile devices, servers, network appliances up to the cloud level. During the module we will show you how to plan your monitoring on enterprise level and how to implement it in a way giving you all the information you need.

SIEM solutions

Advanced AD monitoring

Threat detection with event correlation

Proactive monitoring

Holistic approach to enterprise systems monitoring

Module 12

What’s New in WS 19

~ January 24, 2019 (7PM CET / 10AM PST / 1PM EST) ~

Windows Server 2019 brings in a lot of new awesome features which increase productivity and security of your infrastructure. Windows 2019 has built-in sensors for WD ATP, which leverages cloud and machine learning for threat intelligence which greatly increase security and visibility of threats on your network. It also includes System Insights, which is a new feature that brings local predictive analytics capabilities natively to Windows Server 2019.

These predictive capabilities – each based on a machine-learning model – analyze Windows Server system data, such as performance counters and events, providing insight into the state of your environment and helping you reduce the operational expenses associated with monitoring your Windows Server instances. System Insights introduces a set of capabilities focused on capacity forecasting, predicting future usage for computing, networking, and storage which brings your enterprise scale management to totally new level.

PLEASE NOTE: There will be an online final exam covering all 12 modules. To receive an official CQURE certificate “Windows Security Master 2019” you have to get at least 70% of the answers right. We highly recommend that you don’t leave the revision until the last minute. 😉

Your teachers

Paula Januszkiewicz

Founder and CEO of CQURE

Paula is a Microsoft Security Trusted Advisor, IT Security Auditor and Penetration Tester. On top of that, she’s an Enterprise Security MVP and trainer (MCT). She shares her expertise on Windows Security through online writing and speaking at conferences (she already checked off TechEd North America, TechEd Europe, TechEd Middle East, RSA, TechDays, CyberCrime — to name but a few). She proudly holds the role of the Security Architect in IDesign and manages her own company CQURE.

Sami Laiho

Guest Speaker | Windows OS Expert

Sami Laiho is one of the world’s leading professionals in the Windows OS. Sami has been working with and teaching OS troubleshooting, management and security for more than 15 years. Sami’s session was evaluated as the best session in TechEd North America 2014, TechEd Europe 2014 and TechEd Australia 2013. Sami’s session at Ignite 2015 was evaluated as #2 out of 1000+ sessions and all of his four sessions were in the top 15 sessions on the Windows track.

Michał Jankowski-Lorek

Cloud Solutions & Machine Learning Expert

Michael designs and implements solutions for Databases, Network & Management area, mainly for Microsoft platform. As for day-to-day work, he works as Solution Architect, designing and planning database related solutions and software, mainly based on Microsoft and Oracle servers. He also designs and administers IT Infrastructure based on Microsoft systems and network solution from CISCO.

Krystian Zieja

Systems Architect and Solutions Expert

Krystian is a professional Infrastructure and Database Consultant with over 15 years of extensive experience in designing IT solutions. His practice spans from teaching Oracle Courses in OAI at University, to providing services for big public and consulting companies serving Clients from four continents.

Michael Grafnetter

Identity, Cloud & Security Architect

Michael is an expert on Windows Security and PowerShell and holds a master’s degree in Software Engineering. He is the author of the open-source Directory Services Internals (DSInternals) PowerShell module and Thycotic Weak Password Finder, tools used by security auditors and penetration testers worldwide.

Artur Wojtkowski

Cybersecurity Specialist

CQURE’s Specialist with over 10 years of experience gained in many industries, mainly in telecommunication, banking and insurance sector. He has excellent skills in the area of infrastructure, web and mobile application penetration testing.

Who Is It For

Intermediate to Advanced Windows Security Professionals

This program is for you, if you want to level up and become key expert in your company (or even in your field). We promise to challenge your ways of thinking and executing.

Ethical Hackers (who are familiar with…)

Attendee needs to have general fluency in Windows environment (including security skills, penetration testing etc.) Active Directory related knowledge is required. Take the quiz to see where are you at.

Brave Newbies

If you are a newbie you can still apply, but the program WILL NOT cover the basics — so it might be really challenging for you to get in or to keep up with the group.

AWSC18 helped me to better understand what are the security risks, how to identify them and how to protect against them primary in Microsoft on premise and cloud environments. I earned valuable knowledge and also it helped me to develop our security department in my team. I am looking forward for another courses from CQURE Academy.

Jack Perry

Security Principal Consultant | Presidio

–

All of their classes are based on their real world experience with the products, not just the typical Official Curriculum style classes that teach you things for an exam, but that you will never use. You’ll find that all of the material you’ll learn in the class will be used, at some point, in your security career.

Martin Weber

CTO | IT.innovation.4U GmbH

–

Totally professional, total great stuff, in-depth knowledge and a perfect Learning Atmosphere! I like it! Thanks so much for sharing your experience and knowledge!

Marek Chmel

SQL Server DBA | AT&T

–

All of their classes are based on their real world experience with the products, not just the typical Official Curriculum style classes that teach you things for an exam, but that you will never use. You’ll find that all of the material you’ll learn in the on-premise will be used, at some point, in your security career.

Paweł Partyka

Azure Security Infrastructure Consultant | Microsoft

–

During AWSC course I have learned about various attack techniques against credentials, secrets and Windows OS. I also obtained knowledge on mitigation possibilities. The course help me to have more confidence in my cyber security skills and have more meaningful discussion about the threats with my customers.

Doru-Catalin Togea

Information Security Advisor | Norwegian Police

–

As it also happened before, Paula Januszkiewicz knows how to blow your mind. As great athletes make their discipline look easy when you watch them perform, so Paula makes Windows purr like a little kitten. Even though I am fully aware of how much I still don’t know, after a course such as this Windows is not mysterious anymore. This is a great feeling.

Kamil Więcek

IT Expert | ING Bank Śląski

–

I’ve recently attended a training held by CQURE. It was PACKED with knowledge and tools. Of course another course not everything was discussed in details (lack of time)on-premise but CQURE team delivered a great value within just a few hours. I was a student not so long ago and I wish that our universities were teaching as efficiently as CQURE does.

Styrk Finne

Senior Professional System Engineer | CSC Norway

–

We have learned a lot about IIS, hacking and much much more. Our motivation has increased during this course and of course great interest in your work Paula. Impressed with your enthusiastic energic way of presenting.

We’ll be taking on board 200 students only. Admission is selective. We prioritize: your skills and professional achievements, but also your attitude and how you can contribute to the group — so that we all can learn from each other. Good luck!

Frequently Asked Questions

Who is this for?

This course is for geeks who want to become advanced Windows security experts. If you want to set yourself (and your company) apart from your competition, this is the course for you.You must already be fluent in the Windows environment (including security skills, penetration testing etc.). Active Directory related knowledge is required. We already have a great group of approved applicants from the Microsoft Ignite Conference where we did a soft launch of this course.Including:

Professionals with over 5 years of experience in Windows and security related projects.

Working in public, commercial, and security consulting companies.

If you are not sure if you qualify for the course, take the quiz to see where you stand.If you score above 12 points, you should apply here.

How does the application process work? Do I need to pay anything before the end of October?

In order to qualify for the course, you need to complete the application form here. The application is FREE 🙂In the first days of November, we will review the applications. If you qualify, we will email you straight after we approve your application. If you do not qualify, we will also inform you by email.If we need more information from you, we may ask you to schedule a short interview with a member of our team.After we approve your application, you will have some time to submit your payment. You can pay online (recommended) or contact us to pay via your company payables department.

Am I getting a Certification upon finishing the course?

Well.. not exactly. You must pass the final exam to receive a certification (it is a part of the course so no additional payment is required).To pass the exam, you must answer 70% of the questions correctly. When you pass the exam, you will receive a CQURE Academy Certificate – “Windows Security Master 2019.”

How exactly does the “Advanced Windows Security Course For 2019” work?

Once your application is approved and you pay your tuition, this is what you will get access to:

12 Live Online Sessions with Paula or other CQURE Academy teachers. Sessions happen twice a week on Tuesday and Thursday. Sessions will be held at 7PM CEST (1PM New York / 10AM San Francisco). Each session will last 2 hours. You can ask questions on every session.

12-month access to video recordings of every session.

Slides & Scripts & Tools from the Live Sessions for download.

Free Access to our CQURE Lab, for 6 weeks of the course (so you can practice and do homework).

Access to a Private Facebook Group (for students only), where you can network and exchange questions and ideas during the time of the course.

What is the CQURE Lab?

CQURE Academy design CQURE Labs are a great battlefield! You will learn how to hack and secure in a safe environment. Virtual lab can be accessed from anywhere where there is an Internet connection. After login, you will have full access to preconfigured virtual machines (with great performance) where you will be able to attack different targets, search for misconfigurations, search for the evidence and other interesting and very practical activities. During the training you will be given certain tasks to do at home and because CQURE Lab can be accessed anytime, during the day and night – you plan your activities by yourself, depending on your availability and mood! Technically CQURE Lab is a set of virtual machines available through RDP connection. You will obtain your own username, password and connection parameters and you can connect to the lab from any RDP client.

What if I miss the Live Online Sessions?

You get full access to all Live Session video recordings.We highly encourage you to participate in the live sessions so you can interact with us and the other students live online. You will learn best when we help you work through your questions.Keep up with the course flow we have designed will help you hold yourself accountable to complete the course in a timely manner.That being said, we understand life and work happen. That is why you will have access to all of the material for 12 months.

How is this course different from other Security Courses offered in the market?

We are not just a training company. All of our experts spend 60% of their time working as consultants on client cases around the world. We split the rest of our time evenly between research and teaching. This allows us to stay up to date on cutting edge security knowledge, skills and tools that other training institutes lack.This rare. Every year’s course will be completely rebuilt to keep up with emerging security trends. Finally, we believe the best way to make you learn is to keep the course fun, social, an interactive. We are cool geeks 🙂Paula is widely recognized as the best speaker and trainer at international security conferences. At the Microsoft Ignite 2015, unofficial polling marked her as the best speaker (no, we did not ‘hack’ the results!).